
Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007)

Vienna, Austria
Monday September 10th - Thursday 13th, 2007


Pankaj Rohatgi

Trustworthy Hardware

The requirements of physical security, together with performance and trustworthiness issues in software, have resulted in a trend towards moving critical security functionality into hardware and using trustworthy hardware to bootstrap the security of a system. Separate specialized security hardware such as the IBM 4758/4764, secure cryptographic tokens and smartcards is being augmented by a more integrated approach in which security functionality becomes an integral part of a general-purpose platform. For example, the Z-series mainframes and the Sun Niagara 2 systems have on-chip crypto engines, and the trend is towards most PCs incorporating TPMs for establishing a core root of trust. In addition, there are efforts around the design of secure processors: processors that provide a secure execution environment against software-based attacks, such as Intel VT and AMD Pacifica; clean-slate designs such as SecureCore; and architectures such as Secure Blue that can work in physically insecure environments where the external memory may be attacked. Secure computing in a physically insecure environment is also a key requirement for sensors and mobile nodes deployed in defense-related applications.

However, ensuring that the hardware itself is dependable and trustworthy is a nontrivial task that encompasses all stages of the hardware lifecycle: design, manufacturing, testing, initialization, personalization, deployment, maintenance/upgrades and decommissioning. In this talk we will describe some of the issues and challenges in ensuring the dependability and trustworthiness of hardware throughout its lifecycle, describe some of the techniques and technologies developed at IBM and elsewhere to address these challenges, and point out significant gaps that require more research.